Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Check Point VPN / WebVPN / Mobile Access & Duo MFA (Duo Authentication Proxy v5.0 upwards)

Hello everyone,

For anyone using Duo as their 2 factor authentication service, I'd like to share this information:

Duo works flawlessly up till version 4.0.2, once we upgraded to the Duo Auth Proxy 5.0.1 (latest version), upon confirming the Duo Push Notification, the connection to the VPN does not work anymore (Check Point Gateway drops the traffic).

Turns out that in Version 5.0.0 the Duo Authentication Proxy began sending a RADIUS Message-Authenticator attribute (attribute ID 80) in all responses, which the Check Point gateways don't recognize and drop the traffic.

The solution from Check Point (SR was created, resolved, now closed) is to set the radius_ignore value to 80. Smart Console Menu -> Global Properties -> Advanced -> Configure -> FireWall-1 -> Authentication -> RADIUS.

Afterwards the authentication works again. After having contact with the Duo support, they created a KB for that problem as well:

https://help.duo.com/s/article/6328?language=en_US

Apparently this will be resolved in the upcoming Duo authentication release v5.0.2

Greetings,

Chris

0 Replies